PERFORCE change 145159 for review
Vincenzo Iozzo
snagg at FreeBSD.org
Sun Jul 13 16:24:05 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=145159
Change 145159 by snagg at snagg_macosx on 2008/07/13 16:23:50
audit_pipe.c and audit_ioctl.h were modified in order to provide
only per-pid tracing, the ABI is no longer broken a new structure has been created for ioctl. The old code, with events support, is in the new files added. Note that the old code still breaks the ABI.
Affected files ...
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl-events.h#1 add
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#16 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe-events.c#1 add
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#25 edit
Differences ...
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#16 (text) ====
@@ -38,20 +38,14 @@
* structures, add new revised ones to be used by new ioctls, and keep the
* old structures and ioctls for backwards compatibility.
*/
-struct auditpipe_ioctl_preselect_event {
- int app_event;
- int app_flag;
-};
-struct auditpipe_ioctl_preselect {
+struct auditpipe_ioctl_preselect_pid {
au_id_t aip_auid;
au_mask_t aip_mask;
pid_t app_pid;
- struct auditpipe_ioctl_preselect_event *app_auevents;
- int app_event_len;
};
-struct auditpipe_ioctl_preselect_old {
+struct auditpipe_ioctl_preselect{
au_id_t aip_auid;
au_mask_t aip_mask;
};
@@ -61,8 +55,7 @@
*/
#define AUDITPIPE_PRESELECT_MODE_TRAIL 1 /* Global audit trail. */
#define AUDITPIPE_PRESELECT_MODE_LOCAL 2 /* Local audit trail. */
-#define AUDITPIPE_PRESELECT_MODE_EVENT 3 /* Events-pid based audit trail */
-#define AUDITPIPE_PRESELECT_MODE_PID 4 /*Pid based audit trail*/
+#define AUDITPIPE_PRESELECT_MODE_PID 3 /*Pid based audit trail*/
/*
* Ioctls to read and control the behavior of individual audit pipe devices.
@@ -86,12 +79,12 @@
#define AUDITPIPE_SET_PRESELECT_MODE _IOW(AUDITPIPE_IOBASE, 15, int)
#define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 16)
#define AUDITPIPE_GET_MAXAUDITDATA _IOR(AUDITPIPE_IOBASE, 17, u_int)
-#define AUDITPIPE_GET_PRESELECT_EVENT_LIST _IOWR(AUDITPIPE_IOBASE, 18, \
- struct auditpipe_ioctl_preselect)
-#define AUDITPIPE_SET_PRESELECT_EVENTS _IOW(AUDITPIPE_IOBASE, 19, \
- struct auditpipe_ioctl_preselect)
+#define AUDITPIPE_GET_PRESELECT_PID _IOR(AUDITPIPE_IOBASE, 18, \
+ struct auditpipe_ioctl_preselect_pid)
+#define AUDITPIPE_SET_PRESELECT_PID _IOW(AUDITPIPE_IOBASE, 19, \
+ struct auditpipe_ioctl_preselect_pid)
#define AUDITPIPE_DELETE_PRESELECT_PID _IOW(AUDITPIPE_IOBASE, 20, pid_t)
-#define AUDITPIPE_FLUSH_PRESELECT_EVENTS _IO(AUDITPIPE_IOBASE, 21)
+#define AUDITPIPE_FLUSH_PRESELECT_PID _IO(AUDITPIPE_IOBASE, 21)
/*
* Ioctls to retrieve audit pipe statistics.
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#25 (text) ====
@@ -68,8 +68,6 @@
"Audit pipe entries and buffers");
static MALLOC_DEFINE(M_AUDIT_PIPE_PRESELECT, "audit_pipe_presel",
"Audit pipe preselection structure");
-static MALLOC_DEFINE(M_AUDIT_PIPE_PRESELECT_EVENT,
- "Audit_pipe_preselection", "Audit pipe preselection events structure");
/*
* Audit pipe buffer parameters.
@@ -77,7 +75,6 @@
#define AUDIT_PIPE_QLIMIT_DEFAULT (128)
#define AUDIT_PIPE_QLIMIT_MIN (0)
#define AUDIT_PIPE_QLIMIT_MAX (1024)
-#define AUDIT_NEVENTS (256)
/*
* Description of an entry in an audit_pipe.
@@ -99,16 +96,11 @@
* We may want to consider a more space/time-efficient data structure once
* usage patterns for per-auid specifications are clear.
*/
-struct audit_pipe_preselect_event {
- int app_event;
- int app_flag;
-};
struct audit_pipe_preselect {
au_id_t app_auid;
au_mask_t app_mask;
pid_t app_pid;
- struct audit_pipe_preselect_event *app_auevents;
int app_event_len;
TAILQ_ENTRY(audit_pipe_preselect) app_list;
};
@@ -227,58 +219,24 @@
free(ape, M_AUDIT_PIPE_ENTRY);
}
-/*
- * The event array is sorted in ascending order, needed for the binary search
- */
-static int
-audit_pipe_compare_preselect_event(const void *a, const void *b)
-{
- const struct audit_pipe_preselect_event *entrya, *entryb;
-
- entrya = a;
- entryb = b;
- if(entrya->app_event > entryb->app_event)
- return (1);
- else if (entrya->app_event < entryb->app_event)
- return (-1);
- else
- return (0);
-}
/*
- * Find an audit pipe preselection specification for an event and flag,
+ * Find an audit pipe preselection specification for a pid,
* if any.
*/
static struct audit_pipe_preselect *
-audit_pipe_preselect_find_event(struct audit_pipe *ap, int app_event,
- pid_t app_pid, int event_flag)
+audit_pipe_preselect_find_pid(struct audit_pipe *ap, pid_t app_pid)
{
struct audit_pipe_preselect *app;
- struct audit_pipe_preselect_event *event, ev_a;
mtx_assert(&audit_pipe_mtx, MA_OWNED);
- ev_a.app_event = app_event;
- ev_a.app_flag = event_flag;
TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) {
- if(app->app_pid == app_pid) {
-
- /* Just skip if we are interested only in the pid. */
- if(app_event != -1 && app->app_event_len > 0) {
- event = bsearch(&ev_a, (app->app_auevents), app->app_event_len,
- sizeof(struct audit_pipe_preselect_event),
- audit_pipe_compare_preselect_event);
- if(event != NULL) {
- if(event_flag != -1)
- if (!(event->app_flag & event_flag))
- app = NULL;
- } else
- app = NULL;
- }
- break;
- }
+ if(app->app_pid == app_pid)
+ return (app);
}
- return (app);
+
+ return (NULL);
}
/*
@@ -299,116 +257,84 @@
}
/*
- * Query the per-pipe events list for a specific pid.
+ * Query the per-pipe mask for a specific auid.
*/
static int
-audit_pipe_preselect_get_events_list(struct audit_pipe *ap,
- pid_t app_pid, struct audit_pipe_preselect_event *app_events, int app_len)
+audit_pipe_preselect_get(struct audit_pipe *ap, au_id_t auid,
+ au_mask_t *maskp)
{
struct audit_pipe_preselect *app;
int error;
mtx_lock(&audit_pipe_mtx);
- app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1);
- if (app != NULL)
- error = copyout(app->app_auevents, app_events,
- sizeof(struct audit_pipe_preselect_event)*
- ((app_len > app->app_event_len) ? app->app_event_len : app_len));
- else
+ app = audit_pipe_preselect_find(ap, auid);
+ if (app != NULL) {
+ *maskp = app->app_mask;
+ error = 0;
+ } else
error = ENOENT;
mtx_unlock(&audit_pipe_mtx);
return (error);
}
/*
- * Query the per-pipe mask for a specific auid.
+ * Check if there's an entry for a given pid
*/
static int
-audit_pipe_preselect_get(struct audit_pipe *ap, au_id_t auid,
- au_mask_t *maskp)
+audit_pipe_preselect_get_pid(struct audit_pipe *ap, pid_t pid)
{
struct audit_pipe_preselect *app;
int error;
-
+
mtx_lock(&audit_pipe_mtx);
- app = audit_pipe_preselect_find(ap, auid);
- if (app != NULL) {
- *maskp = app->app_mask;
+ app = audit_pipe_preselect_find_pid(ap, pid);
+ if(app != NULL)
error = 0;
- } else
+ else
error = ENOENT;
+
mtx_unlock(&audit_pipe_mtx);
- return (error);
+ return(error);
}
-
+
/*
* Add a new entry for a specifc event. Add a new entry if needed;
* otherwise, update the current entry.
*/
static void
-audit_pipe_preselect_set_events(struct audit_pipe *ap, pid_t app_pid,
- struct audit_pipe_preselect_event *events, int num)
+audit_pipe_preselect_set_pid(struct audit_pipe *ap, pid_t app_pid)
{
struct audit_pipe_preselect *app, *app_new;
- int i, found;
+ int found;
+
+
+ KASSERT(app_pid >= 0, ("Pid is invalid"));
/*
* Pessimistically assume that the entry for this pid doesn't
* exist, and allocate. We will free it if it is unneeded.
*/
- KASSERT(num >= 0, ("Number of events is out of range"));
+ app_new = malloc(sizeof(*app_new), M_AUDIT_PIPE_PRESELECT, M_WAITOK);
- /* Max number allowed */
- KASSERT(num <= AUDIT_NEVENTS, ("Number of events is out of range"));
-
- app_new = malloc(sizeof(*app_new), M_AUDIT_PIPE_PRESELECT, M_WAITOK);
- if(num)
- app_new->app_auevents= malloc(sizeof(struct audit_pipe_preselect_event) *
- num, M_AUDIT_PIPE_PRESELECT_EVENT, M_WAITOK);
-
mtx_lock(&audit_pipe_mtx);
/*
- * First search for the entry by its pid
+ * Search for the entry by its pid
*/
- app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1);
+ app = audit_pipe_preselect_find_pid(ap, app_pid);
found = (app != NULL) ? 1: 0;
- if(found) {
- if(app->app_event_len)
- free(app->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT);
- app->app_auevents = app_new->app_auevents;
- app_new = NULL;
- app->app_event_len = num;
- for (i = 0; i < num; i++) {
- (app->app_auevents + i)->app_event = (events + i)->app_event;
- (app->app_auevents + i)->app_flag = (events + i)->app_flag;
- }
- qsort((app->app_auevents), app->app_event_len,
- sizeof(struct audit_pipe_preselect_event),
- audit_pipe_compare_preselect_event);
- } else {
+ if(!found) {
app = app_new;
app_new = NULL;
app->app_pid = app_pid;
- app->app_event_len = num;
- for (i = 0; i < num; i++) {
- (app->app_auevents + i)->app_event = (events + i)->app_event;
- (app->app_auevents + i)->app_flag = (events + i)->app_flag;
- }
- qsort((app->app_auevents), app->app_event_len,
- sizeof(struct audit_pipe_preselect_event),
- audit_pipe_compare_preselect_event);
TAILQ_INSERT_TAIL(&ap->ap_preselect_list, app, app_list);
}
-
mtx_unlock(&audit_pipe_mtx);
if (app_new != NULL) {
free(app_new, M_AUDIT_PIPE_PRESELECT);
- if(num)
- free(app_new->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT);
- }
-}
+ }
+}
/*
* Set the per-pipe mask for a specific event. Add a new entry if needed;
@@ -439,37 +365,6 @@
}
/*
- * Delete a per-event entry on an audit pipe. DON'T KNOW WHETHER IT IS USEFUL OR NOT
- */
-/*
-static int
-audit_pipe_preselect_delete_event(struct audit_pipe *ap, int app_event, pid_t pid,
- int app_flag)
-{
- struct audit_pipe_preselect *app;
- int i;
-
- mtx_lock(&audit_pipe_mtx);
- app = audit_pipe_preselect_find_event(ap, app_event, pid, -1);
- if (app != NULL) {
- for( i = 0; i < app->app_event_len; i++) {
- if((app->app_auevents + i)->app_event == app_event &&
- (app->app_auevents + i)->app_flag == app_flag) {
- free((app->app_auevents + i), M_AUDIT_PIPE_PRESELECT_EVENT);
- break;
- }
- }
- mtx_unlock(&audit_pipe_mtx);
- return(0);
- }
- mtx_unlock(&audit_pipe_mtx);
-
- return (ENOENT);
-
-}
-*/
-
-/*
* Delete a per-pid entry on an audit pipe wiping the whole entry.
*/
static int
@@ -478,12 +373,10 @@
struct audit_pipe_preselect *app;
mtx_lock(&audit_pipe_mtx);
- app = audit_pipe_preselect_find_event(ap, -1, pid, -1);
+ app = audit_pipe_preselect_find_pid(ap, pid);
if (app != NULL) {
TAILQ_REMOVE(&ap->ap_preselect_list, app, app_list);
mtx_unlock(&audit_pipe_mtx);
- if(app->app_auevents != NULL)
- free(app->app_auevents, M_AUDIT_PIPE_PRESELECT_EVENT);
free(app, M_AUDIT_PIPE_PRESELECT);
return (0);
} else
@@ -518,7 +411,7 @@
* Delete all per-events entry on an audit pipe.
*/
static void
-audit_pipe_preselect_events_flush_locked(struct audit_pipe *ap)
+audit_pipe_preselect_pid_flush_locked(struct audit_pipe *ap)
{
struct audit_pipe_preselect *app;
@@ -526,20 +419,17 @@
while ((app = TAILQ_FIRST(&ap->ap_preselect_list)) != NULL) {
TAILQ_REMOVE(&ap->ap_preselect_list, app, app_list);
- if (app != NULL) {
- if(app->app_auevents != NULL)
- free(app->app_auevents , M_AUDIT_PIPE_PRESELECT_EVENT);
+ if (app != NULL)
free(app, M_AUDIT_PIPE_PRESELECT);
- }
}
}
static void
-audit_pipe_preselect_events_flush(struct audit_pipe *ap)
+audit_pipe_preselect_pid_flush(struct audit_pipe *ap)
{
mtx_lock(&audit_pipe_mtx);
- audit_pipe_preselect_events_flush_locked(ap);
+ audit_pipe_preselect_pid_flush_locked(ap);
mtx_unlock(&audit_pipe_mtx);
}
@@ -603,16 +493,9 @@
} else
return (au_preselect(event, class, &app->app_mask,
sorf));
-
- case AUDITPIPE_PRESELECT_MODE_EVENT:
- app = audit_pipe_preselect_find_event(ap, event, app_pid, sorf);
- if(app != NULL)
- return (1);
- else
- break;
case AUDITPIPE_PRESELECT_MODE_PID:
- app = audit_pipe_preselect_find_event(ap, -1, app_pid, -1);
+ app = audit_pipe_preselect_find_pid(ap, app_pid);
if(app != NULL)
return (1);
else
@@ -942,6 +825,7 @@
struct thread *td)
{
struct auditpipe_ioctl_preselect *aip;
+ struct auditpipe_ioctl_preselect_pid *aip_pid;
struct audit_pipe *ap;
au_mask_t *maskp;
int error, mode;
@@ -1065,18 +949,14 @@
&aip->aip_mask);
break;
- case AUDITPIPE_GET_PRESELECT_EVENT_LIST:
- aip = (struct auditpipe_ioctl_preselect *)data;
- error = audit_pipe_preselect_get_events_list(ap, aip->app_pid,
- (struct audit_pipe_preselect_event *)aip->app_auevents,
- aip->app_event_len);
+ case AUDITPIPE_GET_PRESELECT_PID:
+ aip_pid = (struct auditpipe_ioctl_preselect_pid *)data;
+ error = audit_pipe_preselect_get_pid(ap, aip_pid->app_pid);
break;
- case AUDITPIPE_SET_PRESELECT_EVENTS:
- aip = (struct auditpipe_ioctl_preselect *)data;
- audit_pipe_preselect_set_events(ap, aip->app_pid,
- (struct audit_pipe_preselect_event *)aip->app_auevents,
- aip->app_event_len);
+ case AUDITPIPE_SET_PRESELECT_PID:
+ aip_pid = (struct auditpipe_ioctl_preselect_pid *)data;
+ audit_pipe_preselect_set_pid(ap, aip_pid->app_pid);
error = 0;
break;
@@ -1101,8 +981,8 @@
error = 0;
break;
- case AUDITPIPE_FLUSH_PRESELECT_EVENTS:
- audit_pipe_preselect_events_flush(ap);
+ case AUDITPIPE_FLUSH_PRESELECT_PID:
+ audit_pipe_preselect_pid_flush(ap);
error = 0;
break;
@@ -1118,7 +998,6 @@
switch (mode) {
case AUDITPIPE_PRESELECT_MODE_TRAIL:
case AUDITPIPE_PRESELECT_MODE_LOCAL:
- case AUDITPIPE_PRESELECT_MODE_EVENT:
case AUDITPIPE_PRESELECT_MODE_PID:
mtx_lock(&audit_pipe_mtx);
ap->ap_preselect_mode = mode;
More information about the p4-projects
mailing list